Re: [PATCH 1/4] tune2fs: prevent changing UUID of fs with stable_inodes feature

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Apr 1, 2020, at 2:32 PM, Eric Biggers <ebiggers@xxxxxxxxxx> wrote:
> 
> From: Eric Biggers <ebiggers@xxxxxxxxxx>
> 
> The stable_inodes feature is intended to indicate that it's safe to use
> IV_INO_LBLK_64 encryption policies, where the encryption depends on the
> inode numbers and thus filesystem shrinking is not allowed.  However
> since inode numbers are not unique across filesystems, the encryption
> also depends on the filesystem UUID, and I missed that there is a
> supported way to change the filesystem UUID (tune2fs -U).
> 
> So, make 'tune2fs -U' report an error if stable_inodes is set.
> 
> We could add a separate stable_uuid feature flag, but it seems unlikely
> it would be useful enough on its own to warrant another flag.

What about having tune2fs walk the inode table checking for any inodes that
have this flag, and only refusing to clear the flag if it finds any?  That
takes some time on very large filesystems, but since inode table reading is
linear it is reasonable on most filesystems.

Cheers, Andreas

> Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
> ---
> misc/tune2fs.c | 7 +++++++
> 1 file changed, 7 insertions(+)
> 
> diff --git a/misc/tune2fs.c b/misc/tune2fs.c
> index 314cc0d0..ca06c98b 100644
> --- a/misc/tune2fs.c
> +++ b/misc/tune2fs.c
> @@ -3236,6 +3236,13 @@ _("Warning: The journal is dirty. You may wish to replay the journal like:\n\n"
> 		char buf[SUPERBLOCK_SIZE] __attribute__ ((aligned(8)));
> 		__u8 old_uuid[UUID_SIZE];
> 
> +		if (ext2fs_has_feature_stable_inodes(fs->super)) {
> +			fputs(_("Cannot change the UUID of this filesystem "
> +				"because it has the stable_inodes feature "
> +				"flag.\n"), stderr);
> +			exit(1);
> +		}
> +
> 		if (!ext2fs_has_feature_csum_seed(fs->super) &&
> 		    (ext2fs_has_feature_metadata_csum(fs->super) ||
> 		     ext2fs_has_feature_ea_inode(fs->super))) {
> --
> 2.26.0.rc2.310.g2932bb562d-goog
> 


Cheers, Andreas





Attachment: signature.asc
Description: Message signed with OpenPGP


[Index of Archives]     [Reiser Filesystem Development]     [Ceph FS]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite National Park]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Device Mapper]     [Linux Media]

  Powered by Linux